Gartner: 40% of AI agent projects fail by 2027 amid security incidents
Serge Bulaev
Gartner reports that up to 40 percent of AI agent projects may fail by 2027, mainly because of security incidents and legacy systems that cannot provide real-time context. There are three main ways to use AI in software development: fully autonomous agents, human-reviewed agents, and selective autonomy where humans focus on key decisions. Fully autonomous approaches might boost speed but appear to increase risks like outages and data leaks. Human-reviewed and selective autonomy models may provide safer outcomes but with slower or plateauing speed gains. Leaders should pick the model that matches their organization's risk level and readiness.

Gartner predicts over 40% of agentic AI projects will be canceled by end of 2027 due to escalating costs, unclear business value, or inadequate risk controls. As engineering teams integrate AI, they face a critical decision: how to balance development velocity against operational quality. This article explores the three dominant operating models for an AI-powered software factory - fully agentic, human-gated, and selective autonomy - to help leaders align their strategy with their organization's risk tolerance and technical maturity.
1. "Turn the lights off": fully agentic factories
Agentic AI projects face high failure rates due to significant security vulnerabilities and integration challenges with legacy systems. These older systems lack the real-time context and modern architecture required for AI agents, while security threats like goal hijacking and data leakage create unacceptable enterprise risks.
The fully agentic or "lights-off" model delegates software production entirely to AI, aiming for maximum development speed. However, this approach carries substantial risk. 88% of organizations reported confirmed or suspected AI agent security incidents in the past year (2025), per Gravitee's Q1 2026 survey of 900+ executives and practitioners.
Key threats in this model include:
- Goal Hijacking & Prompt Injection: Malicious actors manipulate agent objectives.
- Memory Poisoning: An agent's long-term memory is compromised to alter its behavior.
- Data Leakage: Sensitive information is exposed through uncontrolled tool use.
These vulnerabilities, compounded by legacy systems unable to provide real-time context, can lead to cascading system outages and severe data breaches.
2. "Read and review all": human gatekeepers
A more conservative approach treats AI agents as drafting partners, with human developers reviewing every change before it is merged. This model prioritizes safety and quality over speed. While industry reports show that pairing with AI makes developers significantly faster on new tasks, the mandatory human review process creates a bottleneck, causing total throughput gains to plateau at more modest levels.
This human-gated model typically results in:
* Shifted Focus: AI handles boilerplate code, tests, and scaffolds, freeing developers for complex domain logic.
* Reduced Peer Review: With fewer defects entering the pipeline, peer code review sessions drop significantly.
* Stable Quality: Code quality remains high, as all AI-generated commits must pass existing security and coding standards.
3. "Find leverage, keep people": selective autonomy
The selective autonomy model strikes a balance, using humans for high-leverage decisions while delegating routine implementation to AI agents. In this structure, people oversee critical junctures like architecture design, dependency approvals, and security policy. Elite teams using this hybrid approach report substantial throughput gains and achieving significant AI-assisted code share without increasing defect rates.
Effective governance for this model includes:
* Progressive Autonomy: Granting agents more independence only after they demonstrate reliability on smaller tasks.
* Sandboxed Execution: Isolating each agent's work in its own feature branch to prevent unintended system-wide impact.
* Test-Driven Generation: Requiring agents to write and pass tests based on acceptance criteria before generating implementation code.
* Confidence-Based Escalation: Automatically flagging agent outputs with low certainty scores for mandatory human review.
By keeping human expertise focused on strategic decisions, this model can increase shipping velocity by two to three times.
Picking the right factory for 2026 and beyond
The evidence is clear: greater agent autonomy correlates directly with both higher velocity and increased risk exposure. Leaders should view these three models as a strategic dial to be adjusted based on context. The fully agentic model is best for sandboxed experiments, the human-gated model suits regulated domains where failure is unacceptable, and selective autonomy offers a path to sustained, scalable gains. The decisive factor for success is ensuring that your governance, infrastructure, and team maturity align with the chosen level of autonomy.